FC5 MLS Policy: auditctl permission denied
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 30 16:06:30 UTC 2006
Michael C Thompson wrote:
>
> Hey Steve,
>
> Under the FC5 MLS policy, what is the magic incantation of SELinux
> role and MLS range that will make auditctl go? I've tried staff_r,
> with staff_t and SystemLow, which I did not expect to work (and it
> didn't). I've also tried sysadm_[rt] and secadm_[rt] with both
> SystemHigh and SystemLow. So far, no combination has lead to auditctl
> being usable. secadm & sysadm attempts resolve in a direct bash denial
> message, whereas staff _can_ execute audit, but I get the messages:
> "Error sending (rule/watch) list request (Permission denied)"
>
> Anyone know the magic or is this a policy bug?
>
secadm_r
newrole -r secadm_r -l SystemHigh
> Thanks,
> Mike
> ------------------------------------------------------------------------
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list